[UPHPU] Is https enough?
Lonnie Olson
lists at kittypee.com
Mon Jun 11 12:31:25 MDT 2007
Webot Graphics wrote:
> I don't fully understand the security here.
>
> Is https enough to mostly protect the transmission of credit card data?
If you are only talking about protecting the actual transmission, then
Yes. HTTPS is enough.
However, it is probably even more important to pay attention to what
happens to the data at both ends of the https transaction.
* Neither side should store the information longer than necessary to get
approval.
* Niether side should re-transmit the data via an insecure protocol
(email especially).
--lonnie
More information about the UPHPU
mailing list